PT-2021-11541 · Gsap · Gsap

Alessio Della Libera

+1

·

Published

2021-01-19

·

Updated

2021-01-22

·

CVE-2020-28478

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: gsap versions prior to 3.6.0
Description: The issue is related to a prototype pollution vulnerability. It is reported to affect all versions of gsap before 3.6.0.
Recommendations: For versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2020-28478
GHSA-6G8V-HPGW-H2V7
SNYK-JS-GSAP-1054614

Affected Products

Gsap